Just nu i M3-nätverket
Jump to content

Jag är förstasidekapad!!!!


Guest idgadmin

Recommended Posts

Guest idgadmin

Jag har råkat ut för en förstasidekapare.

Har försökt få bort den med massa olika program men inte funkar det inte.Förstasidan är en aboutblank som inte leder någonstans.

 

Hjälp!!!

 

Link to comment
Share on other sites

Guest idgadmin

 

OK här kommer loggen:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\Mixer.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe

C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Doctor\spydoctor.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\STORDATOR 2\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\DOCUME~1\STORDA~1\LOKALA~1\Temp\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

res://C:\DOCUME~1\STORDA~1\LOKALA~1\Temp\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N3 - Netscape 7: user_pref("browser.search.defaultengine",

"engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");

(C:\Documents and Settings\STORDATOR 2\Application

Data\Mozilla\Profiles\default\usupg38r.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F14C428-91E6-4207-B041-1F6308AFB12C} -

C:\WINDOWS\system32\fibf.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN

Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} -

C:\WINDOWS\syslr\mssearch.dll

O2 - BHO: FlashFXP Helper for Internet Explorer -

{E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN

Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash

Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft

Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon]

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched]

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN

Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround

Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet]

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [MMTray] C:\Program\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DVDBitSet] "C:\Program\HP CD-DVD\Umbrella\DVDBitSet.exe"

/NOUI

O4 - HKLM\..\Run: [HPCDTray] "C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe"

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus

Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus

Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe

SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [saap] c:\program files\winsys180\saap.exe

O4 - HKCU\..\Run: [RemoteCenter]

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [RealOne Player Update Sheduler]

C:\WINDOWS\System32\RealUpdater.Exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\spydoctor.exe"

/Q

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\image.dll,Install

O4 - Global Startup: hp psc 2000 Series.lnk =

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk =

C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: officejet 6100.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00000000-0000-0000-0000-000020030000} -

http://www.7adpower.com/dialer/svezia.exe

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

O18 - Filter: text/html - {444B1BA1-CD06-46FA-8673-22E888AA5502} -

C:\WINDOWS\system32\fibf.dll

O18 - Filter: text/plain - {444B1BA1-CD06-46FA-8673-22E888AA5502} -

C:\WINDOWS\system32\fibf.dll

O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll

O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} -

C:\WINDOWS\System32\Qljdbfib.dll (file missing)

 

Link to comment
Share on other sites

 

stäng internet. bocka för dessa i hjt

 

O4 - HKLM\..\Run: [saap] c:\program files\winsys180\saap.exe

 

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\image.dll,Install

 

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\image.dll

 

starta sen om datorn och posta en ny logg

 

Link to comment
Share on other sites

 

jag glömde en sak, är du helt säker på att det är hela loggen som du fått med ovan...

kolla noga när du postar nästa logg så hela kommer med. använd hijack this vers 1.99

 

[inlägget ändrat 2005-01-02 17:55:29 av 927]

Link to comment
Share on other sites

Guest idgadmin

 

Här kommer nästa logg.

 

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\Mixer.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe

C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Doctor\spydoctor.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

C:\WINDOWS\System32\wisptis.exe

C:\Program\Outlook Express\msimn.exe

C:\Documents and Settings\STORDATOR 2\Skrivbord\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01..src"); (C:\Documents and Settings\STORDATOR 2\Application Data\Mozilla\Profiles\default\usupg38r.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F14C428-91E6-4207-B041-1F6308AFB12C} - C:\WINDOWS\system32\fibf.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\syslr\mssearch.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [MMTray] C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DVDBitSet] "C:\Program\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI

O4 - HKLM\..\Run: [HPCDTray] "C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe"

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [RealOne Player Update Sheduler] C:\WINDOWS\System32\RealUpdater.Exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\spydoctor.exe" /Q

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: officejet 6100.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/svezia.exe

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

O18 - Filter: text/html - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll

O18 - Filter: text/plain - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll

O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll

O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)

 

 

 

Link to comment
Share on other sites

 

hmmm... zipp, varför ser jag inte "infon" och 023?

 

stäng internet och bocka för dessa

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

 

O2 - BHO: (no name) - {2F14C428-91E6-4207-B041-1F6308AFB12C} - C:\WINDOWS\system32\fibf.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\syslr\mssearch.dll

 

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

O18 - Filter: text/html - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll

O18 - Filter: text/plain - {444B1BA1-CD06-46FA-8673-22E888AA5502} - C:\WINDOWS\system32\fibf.dll

O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)

O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll

O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)

 

starta om i felsäkert läge och ta bort

 

fibf.dll

mssearch.dll

resj.dll

 

om dom hittas

 

starta om och posta en ny logg

 

Link to comment
Share on other sites

 

>hmmm... zipp, varför ser jag inte "infon" och 023?<

 

Vad menar du med "infon"?

Den här variantten ser man inte i 023 rader.

Översta delen av loggen fattas vet inte vilken Windows vi har här.

 

Link to comment
Share on other sites

 

med infon mena jag den ms och hjt infon.

kanske är det 2k3...

 

vad menar du med:

Den här variantten ser man inte i 023 rader.

 

 

Link to comment
Share on other sites

 

>med infon mena jag den ms och hjt infon<

 

Ahaa...nu fattar jag.

Man måste spara loggen först någonstans sen kopiera den och klistra in.

 

>vad menar du med:

Den här variantten ser man inte i 023 rader.<

 

Jag mena att den här variantten

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure

 

ser man inte i O23 - Service rader men den här variantten ser man ibland där

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zajic.dll/sp.html#37049

 

 

 

Link to comment
Share on other sites

 

hehe, jo men frågeställaren har ju sparat loggen nånstans annars är det ju svårt att posta loggen, eller?

jag tänkte att infon inte fanns i txt filen heller, kanske....

 

jaså, det har jag inte tänkt på.

men jag fattar inte hur det hänger ihop... alltså hur R1 kan påverka att hjt inte visar 023 service panda blabla

 

[inlägget ändrat 2005-01-02 21:47:49 av 927]

Link to comment
Share on other sites

Guest idgadmin

 

Jahapp....här kommer loggen.

 

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\Mixer.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Logitech\MouseWare\system\em_exec.exe

C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe

C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Doctor\spydoctor.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Documents and Settings\STORDATOR 2\Skrivbord\HijackThis.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://f10/cgi-bin/action.cgi

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STORDA~1\LOKALA~1\Temp\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01..src"); (C:\Documents and Settings\STORDATOR 2\Application Data\Mozilla\Profiles\default\usupg38r.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [MMTray] C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DVDBitSet] "C:\Program\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI

O4 - HKLM\..\Run: [HPCDTray] "C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe"

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [RealOne Player Update Sheduler] C:\WINDOWS\System32\RealUpdater.Exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\spydoctor.exe" /Q

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: officejet 6100.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/svezia.exe

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)

O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)

 

 

Tackar å bockar,niger å knixar..........kaparen har dunstat...peppar peppar

 

Kramiz

 

Link to comment
Share on other sites

 

Placera Hijacken hit i egen mapp

C:/HjT/HijackThis.exe

 

Kopiera hit översta delen av loggen eller meddela vilken Windows du har.

 

Link to comment
Share on other sites

 

vi testar detta

 

starta om i felsäkert läge, kör hjt och fixa dessa

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://f10/cgi-bin/action.cgi

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\STORDA~1\LOKALA~1\Temp\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

 

O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/svezia.exe

O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

O19 - User stylesheet: C:\WINDOWS\sample.txt (file missing)

O21 - SSODL: Web Event Logger - {79FB9088-19CE-715D-D85A-216290C5B738} - C:\WINDOWS\System32\Qljdbfib.dll (file missing)

 

starta sen om och posta en ny logg.

 

vilket operativsystem använder du?

 

 

Link to comment
Share on other sites

Guest idgadmin

 

här kommer nästa logg.

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\Mixer.exe

C:\Program\Microsoft Hardware\Keyboard\type32.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program\Logitech\iTouch\iTouch.exe

C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe

C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program\Logitech\MouseWare\system\em_exec..exe

C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE

C:\Program\Real\RealPlayer\RealPlay.exe

C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Spyware Doctor\spydoctor.exe

C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe

C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE

C:\Documents and Settings\STORDATOR 2\Skrivbord\HijackThis.exe

C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://f10/cgi-bin/action.cgi

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01..src"); (C:\Documents and Settings\STORDATOR 2\Application Data\Mozilla\Profiles\default\usupg38r.slt\prefs.js)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\01.02.3000.1001\sv\msntb.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [CTStartup] "C:\Program\Creative\Splash Screen\CTEaxSpl.EXE" /run

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [intelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [zSPGuard] c:\program\pjw\spguard\spguard.exe /s /r

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [MMTray] C:\Program\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [DVDBitSet] "C:\Program\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI

O4 - HKLM\..\Run: [HPCDTray] "C:\Program\HP CD-DVD\Umbrella\hpcdtray.exe"

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [RealTray] C:\Program\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKCU\..\Run: [RemoteCenter] C:\Program\Creative\MediaSource\RemoteControl\RcMan.exe

O4 - HKCU\..\Run: [RealOne Player Update Sheduler] C:\WINDOWS\System32\RealUpdater.Exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program\Spyware Doctor\spydoctor.exe" /Q

O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: officejet 6100.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O20 - AppInit_DLLs: C:\WINDOWS\System32\resj.dll

 

 

 

Link to comment
Share on other sites

 

020 raden är kvar, den verkar va krånglig. vi testar detta viset

 

starta hjt>config>misc tool>delete file on reboot>välj fil>öppna>starta om

 

den filen som ska bort är alltså resj.dll

C:\WINDOWS\System32\resj.dll

 

det är en liten chans men filen kan användas av nåt program. om du vill så kan du högerklicka>egenskaper>version och kolla där vad det är för fil osv

[inlägget ändrat 2005-01-02 23:33:02 av 927]

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...